MythWeb

From MythTV Official Wiki
Revision as of 18:48, 15 April 2007 by Kormoc (Talk | contribs)

Jump to: navigation, search

MythWeb

MythWeb provides a frontend for scheduling and managing recordings on your MythBox from a web browser located on another machine. In addition it allows for changing key bindings and other settings.

Numerous improvements have been added since its inception, so that MythWeb now provides access to much of the content from the various plugins.

Indeed, many functions you might want to perform on your MythBox are faster or easier through MythWeb. (How much this is true, of course, depends to some degree on what version you're running.)

See MythWeb readme for install details.

One contributed favicon is File:Favicon.jpg (it's really a .ico file; see the page).

Gallery

Securing Mythweb

This assumes you have decided to open your web server to the internet, and now you need to secure it. This guide will take you through setting up simple authentication. Please see the Apache [1] for more specifics or more secure methods.

There are several ways to secure MythWeb:

  • Modify the MythWeb .htaccess file to require password authentication
  • Modify the Apache configuration to require password authentication
  • Setup an SSH tunnel for remote access to MythWeb (assuming that you do not open your MythWeb server to the internet except for port-forwarding SSH from your router/firewall)

These instructions assume Fedora Core, with Myth Web installed in the default path /var/www/html/mythweb

MythWeb .htaccess

The simplest option is to edit /var/www/html/mythweb/.htaccess and read the comments there about what to uncomment to secure MythWeb. This option does not require Apache to be restarted, but is slightly less efficient than adding the options to the Apache config.

You may use either AuthType Basic or AuthType digest -- "Basic" is more compatible, "Digest" is more secure. If you use "Basic", you must use htpasswd to create users. If you use "Digest", you must use htdigest to create users.

Geeko head48.png

openSUSE 10.2

These steps are for openSUSE 10.2. The instructions are written using "htpasswd2" instead of "htdigest2" because that is what I got to work. I'm sure you could use "htdigest2", I'm just now sure how. These steps should work fine though.

1. create a new password file with htpasswd22
Warning.png WARNING: the "-c" will wipe out the file if it already exists

/usr/bin/htpasswd2 -c /etc/apache2/conf.d/httpd-passwords userid

You will be prompted to put in a password for the userid
2. create any additional user IDs (no "-c")

/usr/bin/htpasswd2 /etc/apache2/conf.d/httpd-passwords another_userid

3. Find the user:group that apache2 is running as

cat /etc/apache2/uid.conf

You file will probably look like this

User wwwrun
Group www

4. Change the ownership of the password file (change "wwwrun:www" to match the "User:Group" from the previous step)

chown wwwrun:www /etc/apache2/conf.d/httpd-passwords

5. If the .htaccess exists, which it probably does if you have mythweb installed, back it up. This is just in case you mess it up and it need to start over.

cd /srv/www/htdocs/mythweb/
cp ./.htaccess ./.htaccess.orig

6. Open .htaccess for modification with vi - or whatever floats your boat

vi ./.htaccess

7. The following lines should be present but commented. Remove the "#" from the start of each line, modify them to fit your setup, and save the file. Changes are immediate. Pay special attention to the bolded lines

AuthType           Basic
AuthName           "MythTV"
AuthUserFile       /etc/apache2/conf.d/httpd-passwords
Require            valid-user
BrowserMatch       "MSIE"      AuthDigestEnableQueryStringHack=On

Save the file and authentication should begin immediately.

8. If you don't want to bother with authentication when you are on the same network, add the following lines and authentication will be bypassed (assuming 192.168.1.0 is your local network).

Allow from 192.168.1.
Satisfy any

If you aren't sure what your network is, if you are using a router purchased from a store, you could probably get away with specifying "Allow from 192.168.". This would also cover you if you move your box from one location to another using a different third octet in the IP. With this in place, though, you should not be prompted now for authentication while on the local network.

UPDATE: I'm not 100% sure that this last step works. I tested from a remote site and was able to access MythWeb without being prompted for a password. The remote site also used the 192.168.1 network range. After removing the last two entries above, it prompted right away.

Other Linux Flavors

Create a Password File

You will need to create an htdigest password file -- a suggested location is /etc/httpd/conf, but it should be a location that gets backed up regularly.

htdigest -c /etc/httpd/conf/httpd-passwords MythTV MYUSER1

Create additional users as needed:

htdigest /etc/httpd/conf/httpd-passwords MythTV MYUSER2

Please make sure you DO NOT use the -c after the initial user, as this will overwrite the file and start from scratch.

Modify ownership of the file to match the user and group Apache is running as -- try

grep -A 2 ^User /etc/httpd/conf/httpd.conf 
chown apache.apache /etc/httpd/conf/httpd-passwords
chmod 640 /etc/httpd/conf/httpd-passwords
Modify .htaccess
nano /var/www/html/mythweb/.htaccess

The following lines should be present but commented. Remove the "#" from the start of each line, modify them to fit your setup, and save the file. Changes are immediate.

    AuthType           Digest
    AuthName           "MythTV"
    AuthUserFile       /etc/httpd/conf/httpd-passwords
    Require            valid-user
    BrowserMatch       "MSIE"      AuthDigestEnableQueryStringHack=On

Adding the following optional lines will enforce authentication from anywhere outside your local network (assuming 192.168.1.0 is your local network):

    Allow from 192.168.1.
    Satisfy any

Authentication should begin working immediately.

Apache Configuration

This method is slightly more efficient than the .htaccess method, but is complicated by the fact that you must restart Apache and mis-configuring the Apache configuration file will keep Apache from restarting.

Apache password file

We will start with creating an Apache password file. I put this in /etc/httpd/conf, as I back up this directory every night to one of my other systems.

htpasswd -c /etc/httpd/conf/httpd-passwords MYUSER1

Create additional users as needed:

htpasswd /etc/httpd/conf/httpd-passwords MYUSER2

Please make sure you DO NOT use the -c after the initial user, as this will overwrite the file and start from scratch.

Modify ownership of the file as follows:

chown apache.apache /etc/httpd/conf/httpd-passwords
chmod 640 /etc/httpd/conf/httpd-passwords

Editing Apache Config

Now edit /etc/httpd/conf/httpd.conf, and add the following section:

<Directory "/var/www/html/mythweb">
    Options Indexes FollowSymLinks
    AuthType Basic
    AuthName "MythTV"
    AuthUserFile /etc/httpd/conf/httpd-passwords
    require user MYUSER1 MYUSER2 MYUSER3
    Order allow,deny
    Allow from all
</Directory>

Modify the password file location and required users per your needs.

If you have created a link from your music storage area to /var/www/html/mythweb/music, you can add the following to separately secure web access to this:

#MythWeb music configuration
<Directory "/var/www/html/mythweb/music">
    Options Indexes FollowSymLinks
    AuthType Basic
    AuthName "MythTV-Music"
    AuthUserFile /etc/httpd/conf/httpd-passwords
    Require user MYUSER4 MYUSER5
    Order allow,deny
    Allow from all
</Directory>

Again, tailor your password file and users to your needs. You can even use separate password files if you wish!

Restart Apache

Now restart Apache, and you're done:

service httpd restart

(this may be different on your distro)

Other options

You can do a lot more with these configuration sections, such as secure by ip address, and more. Please see the Apache docs[2].

Questions: email me at johanreinalda at yahoo dot com. Preferred is an email to Myth Users list, however. Here's the configuration I used to allow users on my LAN to access MythWeb without a password, and require outside users to authenticate via pw

<Directory "/var/www/html/mythweb">
  Options Indexes FollowSymLinks
  AuthType Basic
  AuthName "MythTV"
  AuthUserFile /etc/httpd/conf/httpd-passwords
  Require valid-user
  Order allow,deny
  Allow from 192.168.1.
  Satisfy any
</Directory>

Troubleshooting

If you install or upgrade MythWeb and your web browser gives you garbage instead of a pretty page

Find the apache/htdocs/mythweb/.htaccess file and comment out (with a # sign) the three lines which begin php_value zlib.. (This note doesn't actually belong here, but I didn't want it to get lost, since I had to rummage in the mailing list to find it again. --Baylink 22:10, 7 October 2006 (UTC))

Mythweb fails to detect wap/wml devices when secured

If MythWeb is secured it will use the logged in username to record the mythweb settings including the template/skin. This is great if you are browsing mythweb from different PCs but will bypass the detection of mobile (wap/wml) devices. A simple workaround is to ensure you setup a different userid to authenticate with from your phone. --Lwoggardner 12:08, 14 October 2006 (UTC)

The user settings are stored in the table mythweb_sessions. To reset the stored session information for a particular user, simply delete the record for that user:

DELETE FROM mythweb_sessions WHERE id = 'user:<username>'

Database connection issues

If you have edited your .htaccess db values to match your mysql.txt file and still cannot connect to database you may have mysql database problems. Try:

GRANT ALL ON mythconverg.* TO mythtv@localhost IDENTIFIED BY 'mythtv'
WITH GRANT OPTION
FLUSH PRIVILEGES;

Streaming Music via Mythweb

If Streaming Music over Mythweb is not working check to confirm that there is a link to your music directory in mythweb/data. If your music is stored in /mythtv/music and your web directory is /var/www/html/mythweb then you would need to add a link like.

ln -s /mythtv/Music /var/www/html/mythweb/data/music

Then confirm that it worked

ll /var/www/html/mythweb/data

See Also